November 19, 2013 archive

New Kamailio DNSSEC Module Enables Higher Security For SIP / VoIP

Kamailio LogoIf you are using voice-over-IP (VoIP), and specifically the Session Initiation Protocol (SIP), how do you know if you are really connecting to the correct SIP server when you make a connection?  When you call someone, your SIP server needs to make a connection to the SIP server for the recipient – how is it sure it is reaching the correct server?

As I’ve talked about and written about in the past, one way to help with this is to use DNSSEC to validate that the information received by the SIP server from DNS is in fact accurate.  While DNSSEC support in VoIP systems has been somewhat limited to date, the great Kamailio team has added a module that provides DNSSEC support.  It will be included in the forthcoming Kamailio 4.1 release (whose development was recently frozen, so it should be available soon), but in the meantime it can be added to Kamailio installations using this tutorial:

http://www.kamailio.org/wiki/tutorials/dns/dnssec

The actual module itself can be found at:

http://kamailio.org/docs/modules/devel/modules/dnssec.html

This kind of support for DNSSEC within VoIP is great to see and will lead to more secure communications over IP in the future.  Plus, getting this kind of DNSSEC support out there now will lay the groundwork for potentially using DANE in the future to secure the certificates used in VoIP communications.

Congrats to the Kamailio team and we look forward to learning more about people using this module in the future!

P.S. See our DNSSEC and DNSSEC Basics pages to learn more about how you can get started with DNSSEC.